Описание
The Carlo Gavazzi EOS-Box
does not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication, attackers can leak information from the device. This could allow the attacker to compromise confidentiality.
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.0 (включая)
Одновременно
cpe:2.3:o:carlosgavazzi:eos-box_photovoltaic_monitoring_system_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carlosgavazzi:eos-box_photovoltaic_monitoring_system:-:*:*:*:*:*:*:*
EPSS
Процентиль: 47%
0.00238
Низкий
7.8 High
CVSS2
7.5 High
CVSS2
Дефекты
CWE-89
CWE-89
Связанные уязвимости
github
больше 3 лет назад
Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a similar issue to CVE-2012-5861.
EPSS
Процентиль: 47%
0.00238
Низкий
7.8 High
CVSS2
7.5 High
CVSS2
Дефекты
CWE-89
CWE-89